Key Facts

Remote From:

New York (USA)

Category: DevSecOps Engineer

Full time

Senior (5-10 years)

165 - 165K yearly

English

Hard Skills

Risk Analysis Threat Modeling Security Implementation Software Engineering Cyber Security Identity And Access Management Endpoint Security Automation Protocols Amazon Web Services gRPC +7 more

Other Skills

•
Collaboration
•
Communication
•
Problem Solving
•
Adaptability

Roles & Responsibilities

5+ years of experience in software engineering and/or security engineering space
Understanding of security controls across various security domains
Knowledge of one or more Cloud platforms (AWS, GCP)
Programming skills in at least one language (Go, Python)

Requirements:

Create an environment that favors context, not control
Design, implement, and operate security controls and services
Partner with product and platform teams to integrate security
Perform security reviews, threat modeling, and risk assessments

The New York Times

Publishing

About The New York Times

The New York Times is powered by the idea that independent, deeply reported journalism fuels a healthy and engaged society. Our reporters, columnists, editors, engineers, designers, data analysts, developers and marketers breathe life into the most important topics of our time and tell stories that might otherwise go untold. Whether bringing new truths to light with our reporting, building innovative products that deliver a best-in-class digital experience, or analyzing data to understand how we can best serve our readers, our people power the world’s top destination for journalism. Working at The Times means envisioning and developing the future of journalism. Bring your passion, perspective and experience and join us as we seek the truth and help people understand the world. Check out our career opportunities (nytco.com/careers) and follow our page to connect with Times employees, journalists and readers.

Industry: Publishing

Founded: 2018

Company size: 1001 - 5000

LinkedIn See all jobs →

Job description

The mission of The New York Times is to seek the truth and help people understand the world. That means independent journalism is at the heart of all we do as a company. It’s why we have a world-renowned newsroom that sends journalists to report on the ground from nearly 160 countries. It’s why we focus deeply on how our readers will experience our journalism, from print to audio to a world-class digital and app destination. And it’s why our business strategy centers on making journalism so good that it’s worth paying for.

About the Role

The Senior Engineer, Cybersecurity is a hands-on contributor who designs, builds, and operates security controls and services that protect The Times' systems, data, and users. As a member of the Security Architecture team, you will own complex initiatives end-to-end, drive measurable risk reduction, and collaborate across product engineering and enterprise technology with technical depth, operational rigor, and clear communication aligned with business outcomes.

Cybersecurity helps prevent The Times from becoming news. Our teams work to protect the news makers, their support staff, the platforms they rely on every day, as well as all of The Times' products and services, and our readers who consume them.

Responsibilities:

Create an environment that favors context, not control. Empower product engineers and ensure they have the relevant information and tools to deliver secure products and services.
Design, implement, and operate security controls and services (e.g., identity and access management, secrets management, endpoint/agent hardening, network segmentation, detection, and response automation) that meet reliability, security, scalability, and observability standards.
Partner with product and platform teams to integrate security into architecture and developer workflows while articulating business impact and tradeoffs.
Perform security reviews, threat modeling, and risk assessments (code, design, 3rd-party apps).
Investigate and resolve urgent and/or complex security issues, triaging effectively and driving architectural changes that prevent recurrence.
Participate via RFCs, community of practices, and other internal knowledge sharing channels to share learnings, align on standards, and influence secure patterns across areas; model The Times' core values in cross-functional collaboration.
Support team growth through peer design/code review, pairing, and clear feedback.
Demonstrate support and understanding of our value of journalistic independence and a strong commitment to our mission to seek the truth and help people understand the world.
This role reports to the Director of Engineering, Cybersecurity.

Basic Qualifications:

5+ years of experience in software engineering and/or security engineering space
Understanding of security controls across a variety of security domains, including access management, encryption, vulnerability management, AI security, network security, authentication/authorization, etc
Knowledge of one or more Cloud platforms (AWS, GCP) and best practices for architecting and securing
Experience with software engineering practices (CI/CD, GitOps, IaC, etc.) and related security practices (SAST, SCA, secure by design, shift left, etc.)
Programming skills in at least one language (Go, Python)
Experience with containerization and orchestration platforms

Preferred Qualifications:

Security/Compliance or DevOps certifications
Experience with Kubernetes
Experience with Terraform and Packer
Experience with HashCorp Vault

This role may require limited on-call hours. An on-call schedule will be determined when you join, taking into account team size and other variables.

REQ-019399

The annual base pay range for this role is between:

$145,000—$165,000 USD

For roles in the U.S., dependent on your role, you may be eligible for variable pay, such as an annual bonus and restricted stock. Benefits may include medical, dental and vision benefits, Flexible Spending Accounts (F.S.A.s), a company-matching 401(k) plan, paid vacation, paid sick days, paid parental leave, tuition reimbursement and professional development programs.

For roles outside of the U.S., information on benefits will be provided during the interview process.

We’re excited to learn more about you and your experience. To keep our hiring process as fair and authentic as possible, we ask that you submit your own work and not use GenAI tools to generate substantive content during the application and interview process.

If you’re an Engineering candidate, we’ll let you know what specific GenAI tools you are permitted to use for your technical assessment.

The New York Times Company is committed to being the world’s best source of independent, reliable and quality journalism. To do so, we embrace a diverse workforce that has a broad range of backgrounds and experiences across our ranks, at all levels of the organization. We encourage people from all backgrounds to apply.

We are an Equal Opportunity Employer and do not discriminate on the basis of an individual's sex, age, race, color, creed, national origin, alienage, religion, marital status, pregnancy, sexual orientation or affectional preference, gender identity and expression, disability, genetic trait or predisposition, carrier status, citizenship, veteran or military status and other personal characteristics protected by law. All applications will receive consideration for employment without regard to legally protected characteristics. The U.S. Equal Employment Opportunity Commission (EEOC)’s Know Your Rights Poster is available here.

The New York Times Company will provide reasonable accommodations as required by applicable federal, state, and/or local laws. Individuals seeking an accommodation for the application or interview process should email reasonable.accommodations@nytimes.com. Emails sent for unrelated issues, such as following up on an application, will not receive a response.

The Company encourages those with criminal histories to apply, and will consider their applications in a manner consistent with applicable "Fair Chance" laws, including but not limited to the NYC Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act.

For information about The New York Times' privacy practices for job applicants click here.

Please beware of fraudulent job postings. Scammers may post fraudulent job opportunities, and they may even make fraudulent employment offers. This is done by bad actors to collect personal information and money from victims. All legitimate job opportunities from The New York Times will be accessible through The New York Times careers site. The New York Times will not ask job applicants for financial information or for payment, and will not refer you to a third party to do so. You should never send money to anyone who suggests they can provide employment with The New York Times.

If you see a fake or fraudulent job posting, or if you suspect you have received a fraudulent offer, you can report it to The New York Times at NYTapplicants@nytimes.com. You can also file a report with the Federal Trade Commission or your state attorney general.